Thank you, Mohammad Abdullah, from the Bogra Polytechnic Institute in Bangledesh. Mohammad took the time to write us about an issue he ran into on Yipee.io. He took the time to write a detailed email with instructions on what the issue was and how to reproduce it. Not only that, he made himself available via email if we had questions. To top it off, once we fixed the issue we asked if he wouldn’t mind re-testing. He was more than willing to help. Mohammad did this without expecting anything from us.
I wanted to publicly thank Mohammad for volunteering his time to help us make Yipee.io a better product.
I also want to thank Sajibe Kanti, an Independent Web Security Researcher, for alerting us to a vulnerability in our WordPress site. Sajibe provided detailed instructions on how to reproduce the issue making it easy to find and resolve.
Thanks to Pethuraj M, a Web Security Researcher from India for alerting us to a Cross Site Scripting vulnerability that has been been fixed in our updated UI. Pethuraj took the time to show how to reproduce the issue and made a even video demonstrating the vulnerability.
Thank you Pethuraj for discovering and reporting this issue!
Thanks to Sreedeep.Ck Alavil, an Indian Independent Web Security Researcher, for alerting us to a critical brute force attack vulnerability which has now been fixed on our WordPress site. Sreedeep.Ck provided detailed instructions on how to reproduce the issue and how to verify the fix.
Thank you Sreedeep.Ck for discovering and reporting this issue!
Thanks to Karthikeyan Subramaniyan for reporting a misconfiguration of our SPF record which could allow spammers to send email on behalf of our domain. Karthikeyan provided detailed information regarding the misconfiguration as well as instructions on how to validate the fix.
Thank you Karthikeyan for discovering and reporting this issue!